Phishing is one of the most powerful and persistent forms of cyber attack that almost every organization is facing. It’s tempting for small and medium-sized businesses (SMBs) to think they are safe from these attacks because they have less monetary value for the bad guys than large enterprises. Remember those emails purporting to be the CEO asking the CFO to send a wire transfer? Even SMBs get spear phished with business-context emails that lead to ransomware and Business Email Compromise or invoice scams. In fact, according to Symantec’s 2017 Internet Security Threat Report, just over half of all emails (53 percent) are spam, and a growing proportion of that spam contains malware. And while email malware hit businesses of all sizes in 2016, SMBs with 251 to 500 employees were impacted the most.
The reality is that phishing is one of the most effective cyber attack vectors used today, and SMBs are scrambling to figure out the best way to handle it. While user training is necessary, it’s not sufficient. Each business has a diverse set of roles, which gives attackers a range of targets to gain access to company systems. Is it tax time? Get ready for W-2 phishing scams going after employee data. As if your HR professional wasn’t already stressed… Different employees are susceptible to different emotional and contextual triggers, and attackers need just one to fall victim to their attempts in order to compromise the whole organization. While employees can always be better at avoiding phishing attacks, there’s more that can be done.
To protect against attacks, SMBs need a system in place that automates a response to threats and leverages comprehensive threat intelligence to help them build a stronger defense. For these smaller teams - which may be an army of one - the key to safeguarding against attacks is the ability to do more with less. Automation lets these small teams program certain tasks so that a specific alert in their network automatically triggers a chain of events. For instance, if an employee receives an email from an unfamiliar address that is discussing a payment due, the system can quickly evaluate the suspicious message and extract indicators of compromise. It can then begin flagging any emails that come from this particular email address as potential threats. Small teams cannot afford to spend valuable time manually reading files, and copying and pasting indicators. Automation creates efficiencies and gives SMBs a more focused and effective response to threats.
This automation also creates a system of record that provides context around the threat data collected, such as “from” email addresses, other data in the email header, malicious links, and malware attachments. The automation makes it easy to spot trends, further protecting the organization from future attacks. For instance, an organization can take what is known about an adversary from an email one step further, with real-time insight into their motives, where they have been before, and what type of organization they typically target. This context, created by storing and analyzing past phishing emails, helps identify patterns in adversary behavior, which enables organizations to build the most resilient defense.
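The extract-then-flag loop and the system of record described in the two paragraphs above can be sketched with Python's standard library. This is an added example, not code from the article or from any product; the function names, the plain-dict store, and the `.example` addresses are assumptions, and the messages are constructed.

```python
import hashlib
import re
from contextlib import suppress
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def extract_indicators(raw):
    """Parse one raw message into the indicator types the article lists."""
    msg = message_from_string(raw, policy=policy.default)
    ind = {"sender": {parseaddr(str(msg.get("From", "")))[1].lower()},
           "link_host": set(), "attachment_sha256": set()}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # attachment: hash the bytes, never open them
            data = part.get_payload(decode=True) or b""
            ind["attachment_sha256"].add(hashlib.sha256(data).hexdigest())
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                with suppress(ValueError):  # malformed URL must not stop triage
                    ind["link_host"].add((urlsplit(url).hostname or "").rstrip(".").lower())
    for values in ind.values():
        values.discard("")  # drop an empty sender or host
    return ind

def record(store, ind):
    """Add indicators to the system of record (a dict of sets; persist it in practice)."""
    for kind, values in ind.items():
        store.setdefault(kind, set()).update(values)

def flag(store, raw):
    """Return (kind, value) pairs where a new message matches the record."""
    ind = extract_indicators(raw)
    return sorted((k, v) for k, vals in ind.items() for v in vals & store.get(k, set()))

def build_sample(sender, body, attachment=None):
    """Build a constructed test message (not real traffic)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "ap@corp.example", "Payment due"
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="invoice.bin")
    return msg.as_string()
```

Calling `record` on a reported message and `flag` on each later arrival gives the behavior described above: a new email from the same address, linking to the same host, or carrying the same attachment is returned with the reason it matched.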
Knowing that phishing is growing in prevalence, SMBs must make it a priority to safeguard against these attacks by making use of threat intelligence and automation. This knowledge and capability enable organizations to safeguard themselves from the simplest to the most sophisticated phishing attacks.